Data Protection and Privacy Policy
Global Data Protection and Privacy Policy
This Global Data Privacy Policy (Policy) outlines how GetPY.biz (GetPY Analytics Pvt Ltd) and its affiliated entities collect, process and use personal information in compliance with applicable laws and regulations. Personal data is any information concerning a specific or definable natural person. GetPY.biz respects the personal data entrusted to us by our clients, vendors, suppliers, contractors, and employees and is committed to ensuring its security through fair and transparent practices.
Privacy Principles
GetPY.biz performs the roles of a data controller and data processor during the course of business. As a data controller, we determine the purpose and manner in which personal data is processed. As a data processor, we process personal information on behalf of another group company or a third party.
GetPY.biz informs individuals of the purpose for which it collects, processes, stores and/or discloses their information through a notice. At the bare minimum, the notice includes:
- The type of personal data collected;
- The purpose for which it is collected;
- The legal requirement to collect this personal data (if applicable);
- How the personal data will be used or processed;
- How individuals can access their personal data and amend it for accuracy;
- An explanation of third party involvement in processing personal data (if applicable);
- The consequences / impact, if any, for not providing the requested personal data; and
- An option for individuals to indicate a preferred means of contact.
The notice is drafted in simple and clear language in a format that is consistent across the organization. The document also contains the geographic area, office locations, jurisdiction and name of the GetPY.biz entity that issues the notice.
Choice and Consent
Where required by law, GetPY.biz obtains consent from individuals to collect, use, retain or disclose their personal data. Individuals are given the choice to opt-in or opt-out of this procedure. If applicable, we inform individuals of the consequences for failing to consent or provide their personal data and the process to alter their consent decisions. GetPY.biz verifies that the use of personal data is consistent with the consent obtained. If personal data will be used for a purpose other than that originally disclosed to the individual, we acquire additional consent.
Collection
GetPY.biz collects personal data in a fair, transparent, and lawful manner. As such, we adhere to the following guidelines:
- Collect the minimum personal data required to support a GetPY.biz business activity or as mandated by law;
- Collect personal data in a fair and non-deceptive manner;
- Collect personal data directly from the individual, when possible;
- Where required by local law, obtain explicit consent from individuals, prior to the collection of sensitive personal information (e.g. race, ethnic origin, health details, sexual orientation etc.); and
- Verify that personal data collected from third parties is reliable and legally obtained.
Furthermore, GetPY.biz monitors the involvement of third parties during collection and conducts due diligence to ensure their compliance with our Policy.
Use, Retention and Disposal
All personal data collected by GetPY.biz is used expressly for legitimate business activities and for purposes consented to by the individual. GetPY.biz only uses personal data in strict adherence to contractual, regulatory and applicable laws.
Retention
GetPY.biz does not retain personal data any longer than is absolutely necessary. The retention period for personal data is determined by:
- The purpose of the data collected,
- The fulfilment of that purpose, and
- Mandatory adherence to local, state and national regulations.
As part of our retention practices, GetPY.biz documents and tracks:
- Retention periods, as mandated by any contractual and/or regulatory requirements;
- The mode of storage, archival and back up of personal data collected; and
- Approval-based disposal procedures (e.g. destruction and redaction) and exceptions to these procedures.
Disposal, Destruction and Redaction of Personal Data
GetPY.biz’s Data Retention and Disposal Policy requires managerial approval for the disposal, destruction and deletion of any personal data. Our disposal, destruction and redaction procedures prevent the recovery, theft, misuse or unauthorized access of personal data.
Access
All individuals are given access to review, update or correct their personal data. The mode of access to this information is clearly communicated to the individual within an appropriate timeframe. Where required by law, GetPY.biz will respond to requests from individuals to provide them with information relating to the personal data we hold about them. Furthermore, GetPY.biz authenticates individuals before granting access to personal data. Access to personal data may be denied if an unreasonable request is made, subject to local laws. If access is denied, GetPY.biz provides the reason and a point of contact for further inquiry to the individual.
Disclosure to Third Parties
GetPY.biz may disclose personal data to third parties as a part of normal business operations. Such third parties must enter into a written contract with us containing appropriate privacy clauses. Third parties are mandated to handle all personal data in accordance with the following:
- Third parties must ensure equal care and adequate levels of protection;
- Appropriate security measures must be implemented to safeguard the personal data; and
- The personal data must only be processed in accordance with GetPY.biz’s instructions.
GetPY.biz will ensure that international transfers of personal data are afforded an adequate level of protection, as required by local law.
Protection of Personal Data in the Possession of Third Parties
GetPY.biz conducts appropriate due diligence checks prior to and during the selection of third parties who process personal data on behalf of GetPY.biz. GetPY.biz requires third parties to strictly adhere to contractual terms and guidelines on data protection to the extent such third parties have access to or are otherwise processing personal data on behalf of GetPY.biz. Furthermore, GetPY.biz retains the audit rights to monitor and supervise all GetPY.biz-provided personal data that is processed or handled during the performance of services by a third-party contractor. Finally, GetPY.biz maintains a well-defined mitigation and remediation plan in the event that any harm may result due to a third party misusing or improperly processing such GetPY.biz-provided personal data in violation of contractual and statutory obligations.
Security
GetPY.biz has implemented physical, administrative and technical security measures across the organization which are designed to prevent data loss, unauthorized access to personal data and misuse, disclosure, alteration, damage or destruction of personal data. We fully understand that the personal data collected from individuals is under our guardianship. Therefore, we train our employees on the privacy policy as well as information security procedures regarding the appropriate access, use, and disclosure of personal data. GetPY.biz also conducts periodic risk assessments on our processes, information systems and third parties, including audits of third party facilities and information systems. GetPY.biz has in place an incident response plan with trained personnel to respond to, investigate and mitigate the impact of any incident. GetPY.biz also maintains adequate plans for business continuity management, as well as disaster recovery processes for testing databases, servers, information systems and processes that handle personal data.
Quality
GetPY.biz informs individuals that they have a responsibility to provide accurate, complete and relevant information in order to maintain the quality and integrity of all personal data. Individuals may contact our designated personnel for any updates or corrections. Individuals may verify and challenge the accuracy and completeness of their personal data and have it amended or deleted if appropriate. Additionally, GetPY.biz has a system in place to record the date, edits, validation and verification of all personal data collected, maintained and updated.
Compliance and Reporting
GetPY.biz is committed to monitoring and enforcing compliance with this Policy and with applicable privacy laws, regulations and obligations. We have documented procedures for:
- Addressing and resolving any data privacy grievance;
- Implementing a remediation process for any data privacy breach; and
- Identifying a third-party arbitrator for dispute resolution, if necessary.
In addition, employees, customers and third parties are welcome to submit questions, concerns or complaints about GetPY.biz’s privacy practices to our compliance helpline by writing to us at: contactus@getpy.biz.
Any potential or actual violation of this Policy is immediately reported to our Chief Compliance Officer.
Compliance Review
GetPY.biz conducts regular audits of our compliance with applicable privacy policies, procedures, laws, regulations, contracts and standards. During compliance review, we:
- Document the processes for resolution of issues and vulnerabilities, as well as corrective action plans;
- Record the results of compliance reviews and regularly submit material findings to the Audit Committee of our Board of Directors; and
- Follow up on recommendations for improvement/remediation plans based on the results of the compliance review.
All GetPY.biz directors, officers, employees, agents and contractors are expected to fully comply with this Policy. Violations of this Policy are investigated, and failure to comply with this Policy may result in disciplinary action up to and including termination of employment or contract.
Version: 1.0 Effective Date: January 01, 2020 Last Revised Date: January 01, 2020